- Kaspersky discovered that new Android devices come with Keenadu malware pre-installed
- Firmware variant gives attackers full control over apps, data and searches
- More than 13,000 infections detected; victims are advised to replace compromised devices
Be careful when purchasing your Android devices: as experts have warned, some come pre-installed with sinister malware that can take over your entire device, spy on your data, make changes, and more.
Kaspersky researchers have discovered a new malware variant, which they named Keenadu, that functions as a backdoor, with varying degrees of compromise, depending on how it is implemented.
The worst thing is that Keenadu is being implemented at the firmware level, which means that someone installed it below the operating system, before the device was even sold. Experts don’t know how. They’ve also seen it embedded in system apps, deployed via malicious APKs, and even in apps on the Google Play Store, but the variant deployed at the firmware level was by far the most dangerous.
There is no evidence of exploitation
“In this variant, Keenadu is a fully functional backdoor that provides attackers with unlimited control over the victim’s device,” Kaspersky explained.
“It can infect all the apps installed on the device, install any app from APK files and grant them the available permissions. As a result, all the information on the device including media, messages, banking credentials, location, etc. can be compromised. The malware even monitors the search queries that the user enters in the Chrome browser in incognito mode.”
Luckily for the victims, the attackers drive this Ferrari as if it were a Fiat 500, as they mainly use it to get ad clicks.
So far, Kaspersky has identified around 13,000 infected endpoints, most located in Russia, Japan, Germany, Brazil and the Netherlands. If the malware sees that the device’s language or time zone is associated with China, it will not activate, possibly suggesting that the attackers are of Chinese origin.
The malware also stops if the Google Play Store and Play Services are not found on the device, which I assume means that HarmonyOS devices (Huawei hardware) are not being attacked.
Meanwhile, malicious Android apps found on the Google Play Store have been removed, but researchers advise victims to stop using these devices and replace them with clean alternatives.
Via BleepingComputer




